| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: vexctl | Distribution: openSUSE Tumbleweed |
| Version: 0.3.0 | Vendor: openSUSE |
| Release: 1.2 | Build date: Tue Sep 10 03:45:26 2024 |
| Group: Productivity/Security | Build host: reproducible |
| Size: 59173201 | Source RPM: vexctl-0.3.0-1.2.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://github.com/openvex/vexctl | |
| Summary: CLI tool to create, transform and attest VEX metadata | |
vexctl is a CLI tool to create, apply, and attest VEX (Vulnerability Exploitability eXchange) data. Its purpose is to help with the creation and management of VEX documents that allow "turning off" security scanner alerts of vulnerabilities known not to affect a product. VEX can be thought of as a "negative security advisory". Using VEX, software authors can communicate to their users that an otherwise vulnerable component has no security implications for their product.
Apache-2.0
* Tue Sep 10 2024 Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 0.3.0:
* Bump github.com/sigstore/sigstore from 1.8.8 to 1.8.9 in the all group
* Bump actions/upload-artifact from 4.3.6 to 4.4.0 in the all group
* Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 in the all group
* Bump github.com/sigstore/cosign/v2 from 2.3.0 to 2.4.0
* Bump the all group with 2 updates
* Bump actions/upload-artifact from 4.3.5 to 4.3.6 in the all group
* Bump actions/upload-artifact from 4.3.4 to 4.3.5 in the all group
* test: add a leading slash to repository_url
* Update pkg/ctl/implementation.go
* Fix OCI repository URL resolution
* Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 in the all group
* Bump github.com/docker/docker in the go_modules group
* Bump sigs.k8s.io/release-utils from 0.8.3 to 0.8.4 in the all group
* Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0
* Bump softprops/action-gh-release from 2.0.7 to 2.0.8 in the all group
* update go.mod to 1.22.5
* update golanci-lint
* Bump github.com/google/go-containerregistry in the all group
* Bump softprops/action-gh-release from 2.0.6 to 2.0.7 in the all group
* Bump github.com/sigstore/sigstore from 1.8.6 to 1.8.7 in the all group
* Improve the generated template README
* Add support to vulnerability aliases
* Fix Copyright in Boilerplates
* Bump actions/setup-go from 5.0.1 to 5.0.2 in the all group
* Bump google.golang.org/grpc in the go_modules group
* Bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0
* Bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3 in the all group
* Prevent from specifying subcomponents when multiple products are defined
* fix(create): support multiple --product flags
* Bump go to 1.22.4
* Bump github.com/sigstore/sigstore in the all group across 1 directory
* Bump actions/upload-artifact from 4.3.3 to 4.3.4 in the all group
* Bump github.com/hashicorp/go-retryablehttp in the go_modules group
* Bump softprops/action-gh-release from 2.0.5 to 2.0.6 in the all group
* Bump ko-build/setup-ko from 0.6 to 0.7 in the all group
* Bump the all group with 2 updates
* Bump actions/checkout from 4.1.6 to 4.1.7 in the all group
* Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0
* update installation methods with homebrew
* Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 in the all group
* Bump github.com/package-url/packageurl-go in the all group
* Bump actions/checkout from 4.1.5 to 4.1.6 in the all group
* Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 in the all group
* Bump golangci/golangci-lint-action from 6.0.0 to 6.0.1 in the all group
* Bump sigs.k8s.io/release-utils from 0.8.1 to 0.8.2 in the all group
* Bump golangci/golangci-lint-action from 5.3.0 to 6.0.0
* Bump softprops/action-gh-release from 2.0.4 to 2.0.5 in the all group
* Bump the all group with 2 updates
* Bump actions/setup-go from 5.0.0 to 5.0.1 in the all group
* Bump kubernetes-sigs/release-actions in the all group
* Bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 in the all group
* Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0
* Bump actions/checkout from 4.1.3 to 4.1.4 in the all group
* Bump actions/upload-artifact from 4.3.2 to 4.3.3 in the all group
* Bump actions/checkout from 4.1.2 to 4.1.3 in the all group
* Bump golang.org/x/net from 0.22.0 to 0.23.0 in the go_modules group
* Bump actions/upload-artifact from 4.3.1 to 4.3.2 in the all group
* Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 in the all group
* Bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4
* Bump sigs.k8s.io/release-utils from 0.8.0 to 0.8.1 in the all group
* Add support for Golang GO-* vulnerability identifier
* Bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.0
* Bump the all group with 1 update
* run attest in prs to test the entire release flow
* Bump the all group with 1 update
* Bump the all group with 1 update
* fix lints
* group dependabot updates
* upgrade to go1.22
* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0
* Bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3
* Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3
* Bump github.com/docker/docker
* Bump kubernetes-sigs/release-actions from 0.1.3 to 0.1.4
* Bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1
* Update release.yaml
* Bump softprops/action-gh-release from 2.0.3 to 2.0.4
* Bump actions/checkout from 4.1.1 to 4.1.2
* Bump softprops/action-gh-release from 1 to 2
* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
* Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
* Bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2
* Bump github.com/sigstore/rekor from 1.3.4 to 1.3.5
* Bump github.com/sigstore/cosign/v2 from 2.2.2 to 2.2.3
* Bump sigstore/cosign-installer from 3.3.0 to 3.4.0
* Bump github.com/google/go-containerregistry from 0.18.0 to 0.19.0
* Bump github.com/sigstore/sigstore from 1.8.0 to 1.8.1
* Bump github.com/google/go-containerregistry from 0.17.0 to 0.18.0
* Bump kubernetes-sigs/release-actions from 0.1.2 to 0.1.3
* Bump github.com/sigstore/sigstore from 1.7.6 to 1.8.0
* Fix linter errors
* Fri Dec 15 2023 Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 0.2.6:
* Add generate test fixtures
* Add generate subcommand
* Add generate --init test
* Add generate --init flag
* Only read openvex files as templates
* vexctl generate
* Add Generate method
* Add ReadTemplateData() function
* Bump sigstore/cosign-installer from 3.2.0 to 3.3.0
* Bump actions/setup-go from 4.1.0 to 5.0.0
* go mod tidy
* Attach: Add OCI annotations for keyless verification
* Sign: Upload to tlog and capture sig data
* Bump github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.2
* Update examples to v0.2.0
* add: Split out of cmd validation logic
* addOptions validation test
* vexctl add: Fix bug when writing docs in-place
* Bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6
* Move release actions to kubernetes-sigs
* Bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0
* add boilerplate headers
* add snapshot job
* cleanup
* add sboms and revamp the provanance with k8s-release actions tools
* bump golangci-lint to v1.55.x
* Wed Nov 15 2023 Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 0.2.5:
* Bump sigs.k8s.io/release-utils from 0.7.6 to 0.7.7
* Bump github.com/sigstore/cosign/v2 from 2.2.0 to 2.2.1
* Bump sigstore/cosign-installer from 3.1.2 to 3.2.0
* Bump github.com/spf13/cobra from 1.7.0 to 1.8.0
* Bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6
* Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5
* update version comments
* Bump actions/checkout from 4.1.0 to 4.1.1
* Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4
* Attest: Add refs flag, improve help and command
* Split intoto subj normlzatn into image and other
* Reuse hashes from existing VEX products
* Reuse purl hashes in product
* Bump sigs.k8s.io/release-utils from 0.7.4 to 0.7.5
* Update README examples to v0.2.0
* Bump github.com/package-url/packageurl-go from 0.1.1 to 0.1.2
* Bump actions/checkout from 4.0.0 to 4.1.0
* Factor out document write logic
* Add add subcommand
* Bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0
* fix lints
* upgrade to go1.21
* Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0
* Add options validation tests
* Make out file option reusable
* Create vex statements from st options
* Refactor commands and options
* Bump actions/checkout from 3.6.0 to 4.0.0
* Bump sigstore/cosign-installer from 3.1.1 to 3.1.2
* Bump github.com/sigstore/sigstore from 1.7.2 to 1.7.3
* Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.0
* Update show to list
* show subcommand creation for review
* go.mod: Pull go-vex@v0.2.5
* Revamp tests for v0.2.2 add more fixtures
* Update vexctl implementation to v0.2.0
* Update vexctl create to v0.2.0
* Rename test fixtures to versioned filenames
* Drop depguard from golangci lint
* Bump actions/checkout from 3.5.3 to 3.6.0
* Bump slsa-framework/slsa-github-generator from 1.8.0 to 1.9.0
* Update SARIF filtering examples
* Update verify.yaml
* Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0
* Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0
* Bump github.com/sigstore/sigstore from 1.7.1 to 1.7.2
* Bump actions/setup-go from 4.0.1 to 4.1.0
* Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.8.0
* Bump github.com/google/go-containerregistry from 0.15.2 to 0.16.1
* Fri Jul 21 2023 Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 0.2.3:
* Rename artifacts to vexctl
* refactor release job
* fix deprecated flag
* Add ko installer to release workflow
* Add missing ldflags script
* go.mod: Pull go-vex v0.2.1
* Drop deprecated vex.StatementFromID
* Bump github.com/secure-systems-lab/go-securesystemslib
* Fix --subcomponents flag
* Add support for PRISMA- identifiers
* Bump github.com/sigstore/cosign/v2 from 2.1.0 to 2.1.1
* Bump sigstore/cosign-installer from 3.1.0 to 3.1.1
* Bump sigstore/cosign-installer from 3.0.5 to 3.1.0
* Bump github.com/sigstore/cosign/v2
* Bump github.com/sigstore/sigstore from 1.7.0 to 1.7.1
* Pull go-vex @ HEAD
* Use vex.Open instead of vex.Load to support multi format vex
* Add initial CSAF example files
* Add OpenVEX examples
* vexctl create: add --impaact-statement
* filter: Drop debug messages, improve output
* Add RUSTSEC, GHSA, RHSA to known identifiers
* Bump github.com/package-url/packageurl-go from 0.1.0 to 0.1.1
* Bump github.com/sigstore/sigstore from 1.6.5 to 1.7.0
* Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0
* Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0
* Bump actions/checkout from 3.5.2 to 3.5.3
* Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0
* Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3
* Bump golangci/golangci-lint-action from 3.4.0 to 3.5.0
* Bump github.com/sigstore/sigstore from 1.6.4 to 1.6.5
* Bump github.com/stretchr/testify from 1.8.3 to 1.8.4
* Bump github.com/stretchr/testify from 1.8.2 to 1.8.3
* Bump sigstore/cosign-installer from 3.0.4 to 3.0.5
* Bump github.com/google/go-containerregistry from 0.15.1 to 0.15.2
* Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2
* Bump sigstore/cosign-installer from 3.0.3 to 3.0.4
* Bump sigs.k8s.io/release-utils from 0.7.3 to 0.7.4
* Bump actions/setup-go from 4.0.0 to 4.0.1
* fix lints
* bump to go 1.20 and update some dependencies
* Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0
* Bump github.com/sigstore/sigstore from 1.6.3 to 1.6.4
* Bump github.com/in-toto/in-toto-golang from 0.8.0 to 0.9.0
* Bump github.com/sigstore/cosign/v2 from 2.0.1 to 2.0.2
* Bump github.com/in-toto/in-toto-golang from 0.7.1 to 0.8.0
* Bump github.com/sigstore/sigstore from 1.6.2 to 1.6.3
* Bump sigstore/cosign-installer from 3.0.2 to 3.0.3
* Bump actions/checkout from 3.5.1 to 3.5.2
* Bump actions/checkout from 3.5.0 to 3.5.1
* Bump github.com/sigstore/sigstore from 1.6.1 to 1.6.2
* Bump sigstore/cosign-installer from 3.0.1 to 3.0.2
* Bump github.com/sigstore/cosign/v2
* Bump github.com/sigstore/sigstore from 1.6.0 to 1.6.1
* Bump github.com/in-toto/in-toto-golang from 0.7.0 to 0.7.1
* Bump github.com/spf13/cobra from 1.6.1 to 1.7.0
* Bump actions/checkout from 3.4.0 to 3.5.0
* Bump actions/setup-go from 3.5.0 to 4.0.0
* Bump github.com/google/go-containerregistry
* Bump actions/checkout from 3.3.0 to 3.4.0
* set cosign yes env var
* Bump sigstore/cosign-installer from 2.8.1 to 3.0.1
* update dependencies and cosign to v2
* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2
* Bump slsa-framework/slsa-github-generator from 1.4.0 to 1.5.0
* Bump github.com/sigstore/sigstore from 1.5.1 to 1.5.2
* Bump github.com/in-toto/in-toto-golang
* Bump github.com/openvex/go-vex
* Fix broken parameters
* Fix examples based on actual command output
* Update maintainers to match community
* Add boilerplate to newfile
* Add unit test to references verifier
* Ensure attested refs are in doc
* --attach implies --sign
* Update attest subcm help
* Drop attestation targets from CLI
* Add test for ListDocumentProducts
* Rework attestation code
* go mod: pull purl module
* Add images test document
* Add test for NormalizeImageRefs
* Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0
* Fix exmple and testdata
* Bump github.com/google/go-containerregistry from 0.12.1 to 0.13.0
* Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0
* fix: missing metadata on document merge
* small fixes
* add provenance and refactor release job
* build vexctl image using ko
* Add initial MAINTAINERS.md
* update license headers
* More improvements to README
* Update README
* Bump github.com/sigstore/sigstore from 1.5.0 to 1.5.1
/usr/bin/vexctl /usr/share/doc/packages/vexctl /usr/share/doc/packages/vexctl/README.md /usr/share/licenses/vexctl /usr/share/licenses/vexctl/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Jan 12 02:11:34 2025